Planning to upgrade from an earlier version?

If you plan to upgrade from an earlier version of Splunk Enterprise to version 6.1, read About Upgrading to 6.1 - READ THIS FIRST in the Installation Manual for important information you need to know before you upgrade.

Dashboard Editor enhancements

Splunk Enterprise 6.1 introduces interactive creation and editing of forms in the Dashboard Editor. This lets you select which inputs to add to a form, and to optionally place the inputs within specific form panels. For more information, see:

Chart overlay

Use chart overlays to represent two different series on a single chart. You can highlight one series of search results as a line graph on top of a column chart, area chart, or another line chart. For more information, see:

Data model enhancements

Create and share data models more easily in Splunk Enterprise 6.1.

Data model upload and download allows you to use the Splunk Web interface to export data models out of Splunk Enterprise and upload exported data models into other Splunk Enterprise implementations. Use this feature to back up data models or to collaborate on data models with other Splunk Enterprise users. For more information, see Manage data models in the Knowledge Manager Manual.

Splunk Enterprise 6.1 includes several improvements to the way that the Data Model Builder handles creation and maintenance of attributes. These enhancements include:

Bulk edit - You can now select multiple attributes and change their type and status (hidden/shown, optional/required) with a single click.

Manual auto-extracted attribute addition - Know a field will be in your data but don't see it in the set of available auto-extracted attributes? You can now add it yourself.

Improved lookup attribute definition - You'll now be able to select your lookup attributes from a list of every eligible output field in your chosen lookup table. You can also define a lookup that is based on multiple input fields.

Improved regular expression attribute definition - When defining regular expression attributes, you can now get much more insight into how the fields extracted by a given regular expression are distributed in your object's dataset. You can also drill down to see events in the object dataset that have a specific extracted field value.

Pan and zoom chart controls

Multisite clustering

In Splunk Enterprise 6.1, clusters have built-in site-awareness, meaning that you can explicitly configure a cluster on a site-by-site basis. This simplifies and extends the ability to implement a cluster that spans multiple physical sites, such as data centers, thus enhancing the disaster recovery capabilities of the cluster.

Search affinity

One of the key benefits of multisite clustering is that it gives you the ability to set up a cluster so that search heads limit their searches to data stored on their local sites. This reduces network traffic while still providing access to the entire set of data, since each site contains all the data. This benefit is known as "search affinity."

zLinux forwarder

Splunk Enterprise 6.1 includes support for the universal forwarder on the zLinux operating system. For the complete list of supported operating systems, see System requirements in the Installation Manual.

Low privilege Windows Universal Forwarder

Run the Splunk Universal forwarder on Windows platforms as a domain user without having to grant local administrator privileges. For more information, see:

New search commands

The sendemail command has many new options for configuring email notifications. These options include: message, sendcsv, use_ssl, use_tls, pdfview, papersize, paperorientation, maxinputs, and maxtime. Some existing options, including format and width_sort_columns, have also changed.

The tstats command has two new options, allows_old_summaries and chunk_size, and now works with the full set of stats functions.

Enter your email address, and someone from the documentation team will respond to you:

Send me a copy of this feedback

Please provide your comments here. Ask a question or make a suggestion.

Feedback submitted, thanks!

You must be logged into splunk.com in order to post comments.
Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic.
If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk,
consider posting a question to Splunkbase Answers.

0
out of 1000 Characters

Your Comment Has Been Posted Above

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website.
Learn more (including how to update your settings) here »